What You Can Do To Protect Your Organization
Remote work has opened up new lines of attack for hackers, scammers and cybercriminals, and they are working overtime to break into your systems – and the systems of just about every nonprofit and small business out there. They have a huge arsenal of tools at their disposal, from automated bots to phishing campaigns to Ransomware-as-a-Service.
But there is one “tool” that YOU may be inadvertently giving them: your employees. Specifically, your employees’ lack of IT security training.
While most of us expect hackers to attack from the outside using malware or brute-force attacks (hacking, in a more traditional sense), the truth is that most hackers prefer getting others to do their work for them.
In other words, if they can fool your employees into clicking a link in an email or downloading unapproved software onto a company device, all the hackers have to do is sit back while your employees do half their work for them. The worst part is that your employees may not even realize that their actions are compromising your network.
Even if you have other forms of security in place – malware protection, firewalls, secure cloud backup, etc. – it won’t be enough if your employees lack good IT security training. In fact, an untrained workforce is one of the biggest cyber threats you face, because these attacks are designed to get past your technical controls by going through a person.
It’s time to do something about it. Comprehensive security awareness training accomplishes several things, including:
1. Identifying Phishing Emails
Phishing emails are constantly evolving. It used to be that the average phishing email included a message littered with bad grammar and misspelled words. Plus, it was generally from someone you’d never heard of.
These days, phishing emails are a lot more clever. Hackers can spoof legitimate email addresses and websites and make their emails look like they’re coming from a sender you actually know. They can disguise these emails as messages from your bank or other employees within your business.
You can still identify these fake emails by paying attention to little details that give them away, such as inconsistencies in the URLs in the body of the email. Hover over a link (or long-press it on a phone) before clicking: the text you see and the address the link actually points to can be completely different. Inconsistencies include odd strings of numbers in the web address, a raw IP address instead of a name, or links to YourBank.net instead of YourBank.com. Good training helps your employees recognize these red flags and report the message instead of clicking.
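The link checks described above can be automated. The following is an added example written for this page, not code from the original article: it pulls every link out of an HTML email body and flags the red flags just listed (visible text naming one site while the link goes to another, a lookalike of a trusted domain such as YourBank.net or YourBank.com buried inside a longer domain, a raw IP address, and long runs of digits). The `TRUSTED_DOMAINS` allowlist and the sample message are constructed for the demonstration; the registrable-domain helper is deliberately naive (last two labels) and would need a public-suffix list for real use.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed allowlist (assumption): the domains this organisation actually uses.
TRUSTED_DOMAINS = {"yourbank.com"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(value: str) -> str:
    """Lowercase host from a URL or a bare domain ('' if there is none)."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def registrable(host: str) -> str:
    """Naive registrable domain (last two labels); enough for .com/.net lookalikes."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host


def check_link(href: str, text: str) -> list:
    """Return the red flags for one link; an empty list means nothing suspicious."""
    reasons = []
    host = host_of(href)
    if not host:
        return reasons
    reg = registrable(host)

    # The real site (or a subdomain of it) needs no lookalike check.
    if reg not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            # yourbank.net vs yourbank.com, or yourbank.com buried inside another domain
            if reg.split(".")[0] == trusted.split(".")[0] or trusted in host:
                reasons.append(f"lookalike of {trusted}: {host}")

    # The visible text names a site, but the link goes somewhere else.
    if text and re.search(r"[\w-]+\.[a-z]{2,}", text, re.I):
        text_host = host_of(text)
        if text_host and registrable(text_host) != reg:
            reasons.append(f"text shows {text_host} but link goes to {host}")

    # A raw IP address instead of a name.
    if re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", host):
        reasons.append(f"raw IP address: {host}")

    # Long runs of digits in the address.
    if re.search(r"\d{6,}", href):
        reasons.append("long numeric string in the address")
    return reasons


def scan_email(html: str) -> list:
    """Return [(href, text, reasons)] for every link in the message body."""
    collector = _LinkCollector()
    collector.feed(html)
    return [(href, text, check_link(href, text)) for href, text in collector.links]


# Constructed sample message for the demonstration (not a real phishing email).
SAMPLE_EMAIL = """
<p>Dear customer, please <a href="http://yourbank.net/login">sign in</a> to confirm.</p>
<p>Or visit <a href="http://203.0.113.10/x?id=8839201734">www.yourbank.com/secure</a>.</p>
<p>Verify at <a href="https://yourbank.com.account-verify.example/">yourbank.com</a>.</p>
<p>Statements: <a href="https://www.yourbank.com/statements">yourbank.com/statements</a></p>
"""

if __name__ == "__main__":
    for href, text, reasons in scan_email(SAMPLE_EMAIL):
        print(("FLAG " if reasons else "ok   ") + href, reasons)
```

Run as-is, the first three links are flagged and only the genuine www.yourbank.com link passes. The checks are heuristics, not proof: a message with no flags is not automatically safe, which is exactly why the human training still matters.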
2. Avoiding Malware Or Ransomware Attacks
One reason why malware attacks work is because an employee clicks a link or downloads a program they shouldn’t. They might think they’re about to download a useful new program to their company computer, but the reality is very different.
Malware comes from many different sources. It can come from phishing emails, but it also comes from malicious ads on the Internet or by connecting an infected device to your network. For example, an employee might be using their USB thumb drive from home to transfer files (don’t let this happen!), and that thumb drive happens to be carrying a virus. The next thing you know, it’s on your network and spreading.
This is why endpoint protection across the board is so important. Every device that connects to your network should be firewalled, kept patched, and have up-to-date malware and ransomware protection in place. But more importantly, your employees should be trained on this security. They should understand why it’s in place and why they should only connect using approved, secured devices.
3. Updating Weak and Reused Passwords and using Multi-Factor Authentication
If you want to make a hacker’s job easier than ever, all you have to do is use a weak password like “QWERTY” or “123456,” or keep using a password after it has shown up in a data breach. Because many people are in the habit of reusing one password across multiple applications, a password stolen from one site will be tried everywhere else, including bank accounts. Even in big companies, people still use and reuse bad passwords that never get changed. Don’t let this be you! Teach your people to use a unique, long password for every account (a password manager makes this practical) and to change a password immediately if it has been exposed.
Even better is teaching your people how to use multi-factor authentication (MFA) to protect their accounts with something far stronger than even the best passwords. MFA combines a username and password with another factor, like a code generated on your phone, a hardware security key or a fingerprint scan, so a stolen password alone is not enough to get in. Be aware that attackers also try to talk people out of their codes, so employees should never read a code to a caller or type it into a page they reached from a link, and where possible prefer an authenticator app or a security key over codes sent by SMS. That’s what you want.
4. Identifying Social Engineering Techniques
Hackers will use various techniques to socially engineer your people, techniques like vishing (calling on the phone and pretending to be an IT person), SMiShing (phishing via SMS text messaging) and more. Cyber criminals are creative and relentless in their efforts to get your staff to do their work. Arming your staff with the knowledge of how social engineering works can be invaluable in defending your organization.
Don’t let your employees become your biggest liability. These are just a few examples of how comprehensive cybersecurity training can give your employees the knowledge and resources they need to help protect themselves and your business. Just remember, you do not have to do this by yourself! Good cybersecurity training programs are hard to find, and we are here to help.